Many businesses have been using secret scores created by data brokers to determine how much to charge consumers, whether to allow purchase returns, and what level of service to offer, among other things.
One such broker, Sift, gave New York Times technology reporter Kashmir Hill a file of more than 400 pages that “contained all the messages I’d ever sent to hosts on Airbnb; years of Yelp delivery orders; a log of every time I’d opened the Coinbase app on my iPhone,” she wrote.
Many entries included detailed information about the device she used at the time, including her IP address.
“The staggering amount of data collection and surveillance scoring uncovered in Kashmir Hill’s piece demonstrates just how vulnerable consumers are to online companies whose practices lack oversight by consumer protection agencies,” an Electronic Frontier Foundation spokesperson said in comments provided to the E-Commerce Times by organization rep Karen Gullo.
“If the information is available on the public Web and other public sources, then the act of collecting this information, analyzing it and selling it should not be illegal,” said Mike Jude, research manager, digital health, at Frost & Sullivan.
“It is what you do with it that can be illegal,” he told the E-Commerce Times.
Businesses dealing in high-value or low-margin items need to know how trustworthy their customers are, Jude noted. “Consumers know this; try buying a car without a credit check.”
Sift provides its files to consumers on request, and Hill found four other data brokers that said they would do the same: Zeta Global, Retail Equation, Riskified and Kustomer.
However, her attempts to view Kustomer’s file on her failed. The company fobbed her off to its clients.
The Consumer Education Foundation
Hill queried the organizations in connection with her follow-up reporting on a letter the Consumer Education Foundation’s Represent Consumers project sent to the United States Federal Trade Commission in June.
The letter identifies several companies creating secret surveillance scores and their clients, and calls for an FTC investigation under Section 5 of the Federal Trade Commission Act, to determine the following:
- How the scores are generated and applied, and by whom;
- Who is targeted using the scores; and
- The scores’ impact on consumers and the marketplace.
Online price testing confirmed concerns that businesses, including travel and other aggregators, have been engaging in price discrimination based on secret surveillance scores, the letter says.
For example, Cornerstone OnDemand’s score rates people as less worthy of a job if they have a longer commute.
The letter asks the FTC to take appropriate enforcement action and prohibit the use of scores if violations are found.
“Discrimination is implicit in most transactions, usually as a basis for estimating how much a customer values the product or service,” Frost’s Jude said.
“Strong consumer privacy laws that put users in control of their data will go a long way towards disrupting data surveillance by data brokers and their suppliers,” the EFF spokesperson said.
“Most consumers will never know when they are the victim of a secret surveillance score,” noted Laura Antonini, policy director at the Consumer Education Foundation.
“They will never know the name of the data analytics firm generating their score because it is all done behind the curtains,” she told the E-Commerce Times. “That is why action from the FTC or Congress is essential to protect consumers from this predatory practice.”
The FTC’s Role
The FTC has taken a number of steps to rein in data brokers in recent years.
- In December 2012 it asked nine data brokers to explain how they collected and used consumer data;
- In March 2013 it issued recommendations on protecting consumer privacy;
- In June 2013 FTC Commissioner Julie Brill proposed the “Reclaim Your Name” program, which would require a) that data brokers develop a one-stop online shop to let consumers control their data; and b) require credit bureaus to develop a system that would incorporate consumers’ corrections in all their databases;
- In 2014, the FTC urged Congress to require that data brokers be more transparent and give consumers greater control over their personal information; and
- In 2016, the commission issued recommendations to businesses on the growing use of big data.
The commission also has brought several enforcement actions against data brokers in recent years.
Citing the FTC’s “recent slap-on-the-wrist penalties against Facebook and Google for privacy violations,” Antonini expressed doubts as to whether the commission would take effective action.
The commission has “called on Congress to pass data security and privacy legislation that would provide the FTC with more authority,” a spokesperson pointed out in correspondence provided to the E-Commerce Times by Juliana Gruenwald Henderson of the FTC’s office of public affairs.
The Industry Wants Action
Meanwhile, the high-tech industry has been pushing for action.
In January, Apple CEO Tim Cook called on Congress to pass comprehensive federal privacy legislation.
In May, former commissioner Julie Brill, deputy general counsel at Microsoft, called on Congress to adopt a new privacy framework upholding the fundamental right to privacy.
That idea does not sit well with Frost’s Jude.
“This is free market capitalism,” he said. “Data makes it work and so should flow without restrictions. If you want to put a stop to bad outcomes, make a law that people own their own data and make aggregators pay to use it.”